Over a year after the Meltdown and Spectre security flaws ravaged the PC industry, Intel has revealed a new, even more serious set of vulnerabilities.
The new flaws are called Microarchitectural Data Sampling, or MDS, and while the processor giant and the security researchers who discovered them have never seen exploits in the wild, they’ve been able to create exploits of their own as a proof of concept.
Though the Intel chipsets released this year include a fix for the flaws, the flaws themselves affect every Intel microprocessor released since 2011, so previous generations will need to be patched. Those patches are already available, but some, depending on the chipset, could slow performance by as much as 19 percent. Worse, the fixes for older chipsets don’t completely mitigate the problems.
The security researchers who worked with Intel have released their own information about the flaws as well, and each has created sample exploits to demonstrate the issues. One group has named their exploits RIDL and Fallout.
“The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites,” notes a new website created by one team of security researchers who notified Intel about the problems. “Our attacks leak data by exploiting the newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to obtain sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.”
A second group has created an exploit called ZombieLoad.
“The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them,” the ZombieLoad website notes. “While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud.”
Amazon, Apple, Google, Microsoft, and Mozilla have all claimed to have issued fixes for the flaws.
“We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers,” a Microsoft statement reads. “We are working to deploy mitigations to cloud services and release security updates to protect Windows customers against vulnerabilities affecting supported hardware chips.”
The RIDL and Fallout researchers have created a tool that will show you (in Windows or Linux) if your PC is vulnerable. But the reality is that you are vulnerable if you’re using an Intel chipset.
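The researchers’ checker tool is not reproduced here, but on Linux the kernel publishes its own verdict on MDS mitigation status, which is the first thing an administrator should read after applying the patches mentioned above. The following script is an added example (not the article’s content and not the RIDL/Fallout tool) that classifies that status. The sysfs path `/sys/devices/system/cpu/vulnerabilities/mds` is a real kernel interface; the sample status lines in `demo_samples` are constructed here to resemble the kernel’s wording and are not output captured from any particular machine.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's self-reported MDS mitigation status.
# Real kernel interface (present on patched kernels); absent on older kernels.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS_LINE
# Prints one of: not-affected, mitigated, partial, vulnerable, unknown.
# "partial" covers the case the article warns about: microcode/kernel fixes
# applied, but SMT (Hyper-Threading) still leaves a sibling-thread leak path,
# or the hypervisor's SMT state cannot be seen from inside a guest.
classify_mds() {
    case "$1" in
        "Not affected"*)                               echo not-affected ;;
        Mitigation:*"SMT vulnerable"*)                 echo partial ;;
        Mitigation:*"Host state unknown"*)             echo partial ;;
        Mitigation:*)                                  echo mitigated ;;
        Vulnerable*)                                   echo vulnerable ;;
        *)                                             echo unknown ;;
    esac
}

# check_host
# Reads the real sysfs file. Returns 0 only when the host is not affected or
# fully mitigated, 1 when exposed, 2 when the kernel gives no answer at all.
check_host() {
    if [ ! -r "$MDS_SYSFS" ]; then
        echo "unknown: $MDS_SYSFS not present (kernel predates MDS reporting, or not Linux)"
        return 2
    fi
    status=$(cat "$MDS_SYSFS")
    verdict=$(classify_mds "$status")
    echo "$verdict: $status"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# demo_samples
# Runs the classifier over constructed status lines (not captured output).
demo_samples() {
    for sample in \
        "Not affected" \
        "Mitigation: Clear CPU buffers; SMT disabled" \
        "Mitigation: Clear CPU buffers; SMT vulnerable" \
        "Mitigation: Clear CPU buffers; SMT Host state unknown" \
        "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
    do
        printf '%-13s <- %s\n' "$(classify_mds "$sample")" "$sample"
    done
}

# Pass --host to inspect the running kernel; otherwise show the constructed samples.
if [ "$#" -gt 0 ] && [ "$1" = "--host" ]; then
    check_host
    exit $?
else
    demo_samples
fi
```

Run it with `--host` on the machine being assessed. A `partial` verdict is the state the article describes for older parts: patched, but not fully protected, because the leak path between SMT sibling threads remains unless Hyper-Threading is disabled or the hypervisor confirms it has been handled.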